PIX 501 with IOS 6.2(4) PPTP Access

To implement a PPTP server on the same interface as PPPoE & also to have the 2nd option to pass through PPTP to an internal PPTP server, what version of IOS would I need? Currently the above features that I would like aren't possible in 6.2(4).

I guess I would have to pay for the latest training version of IOS if there isn't a free upgrade, since it's outside the minor revision number release.

Anyone have an idea of the cost & if I need to renew a support agreement on the device to be able to purchase a newer IOS?

darkmoo

By the way, the PIX operating system is named Finesse, not IOS.

It is not clear from your message whether the PPPoE is outgoing or incoming. PIX 6 only handles PPPoE outgoing, and PPTP incoming.

I thought I remembered reading that you could not configure PPPoE on the same interface as PPTP, but I do not find that restriction documented, so I might be misremembering.

You -can- purchase a PIX software update without a support agreement, but the price is high enough that it is usually not much more expensive to just go for a support agreement.

Your reference to PPPoE suggests that you are getting assigned a single IP address by a PPPoE server. You are also trying to pass through GRE and the PPTP TCP port to an inside PPTP server. GRE cannot be PAT'd (port address translation), and there is no way to just specify gre in a static statement the way you can TCP and UDP.

I would say then that what you need is "policy static" -- a static statement that references an access list with the access list matching GRE. It would look something like this:

    access-list GRE_static_ACL permit gre host PPTPSERVERINSIDEIP any
    static (inside,outside) interface access-list GRE_static_ACL

You can do this with PIX 6.3 and onward.

If you examine the latest PIX security advisories carefully, I seem to recall that there is one outstanding security issue that was not fixed in 6.2 and so could potentially be leveraged into a 6.2(5) rebuild upgrade. I did not, however, read the 6.2 conditions particularly carefully and I could be misremembering.
Walter Roberson

You may wish to contact your local Cisco TAC Office:

Sincerely,

Brad Reese BradReese.Com - Global Cisco Systems Pre-Sales Support

Hendersonville Road, Suite 17 Asheville, North Carolina USA 28803 USA & Canada: 877-549-2680 International: 828-277-7272 Fax: 775-254-3558 AIM: R2MGrant BradReese.Com - Cisco Technical Forums

www.BradReese.Com
